[openssl-dev] OpenSSL and certain PEM formats

Kurt Roeckx kurt at roeckx.be
Wed Dec 17 11:34:32 UTC 2014


On Wed, Dec 17, 2014 at 02:37:08AM -0800, Sean Leonard wrote:
> Hi OpenSSL devs:
> 
> I am putting the finishing touches on an Internet-Draft for textual
> encodings of security structures
> <http://tools.ietf.org/html/draft-josefsson-pkix-textual-09>, which OpenSSL
> refers to as the "PEM format".
> 
> While reviewing OpenSSL's behavior, I noticed a few esoteric labels (see
> pem.h):
> #define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
>   (note, this is supposed to encapsulate a CertificatePair structure from
> X.509)
> #define PEM_STRING_SSL_SESSION    "SSL SESSION PARAMETERS"
> #define PEM_STRING_PARAMETERS    "PARAMETERS"
>   (note, this label does not have any algorithms in it, so I presume it
> refers to some kind of generic parameter structure)
> 
> Do these labels have practical use? I have not seen them in the wild. Why
> are they in OpenSSL? Are they ever used for interchange with other
> implementations, or are they specific to OpenSSL's own purposes?

I know that the SSL session parameters can be read and written by
s_client and sess_id.  It can be used to resume a session.
Applications can store the session information in a database or
something like that to later be able to resume the session.  But I
don't think anything uses it without OpenSSL.  It's stored in an
SSL_SESSION_ASN1 which is an internal only structure that can
change between versions.  Only the version that has written that
should be able to read it.


Kurt
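
Added example, not part of the original message or of OpenSSL's code: a small Python scanner that inventories the PEM blocks in a text by label and tags the three labels quoted in this thread with their pem.h macro names, reporting unclosed blocks, mismatched END labels and malformed base64. The function names, the simplified label grammar (upper-case letters, digits and spaces) and the sample input are assumptions made for the example.

```python
import base64
import re

# Labels quoted in the message above, with their pem.h macro names.
OPENSSL_LABELS = {
    "CERTIFICATE PAIR": "PEM_STRING_X509_PAIR",
    "SSL SESSION PARAMETERS": "PEM_STRING_SSL_SESSION",
    "PARAMETERS": "PEM_STRING_PARAMETERS",
}
_LINE = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")
# Constructed sample: the body is placeholder bytes, not a real object.
SAMPLE = """\
-----BEGIN SSL SESSION PARAMETERS-----
AAECAwQFBgcICQ==
-----END SSL SESSION PARAMETERS-----
-----BEGIN CERTIFICATE-----
-----END X509 CRL-----
-----BEGIN PARAMETERS-----
"""


def _block(label, body, error):
    der_len = None
    if error is None:
        try:
            der_len = len(base64.b64decode("".join(body), validate=True))
        except ValueError:  # binascii.Error subclasses ValueError
            error = "invalid base64"
    return label, OPENSSL_LABELS.get(label), der_len, error


def scan_pem(text):
    """Return (label, pem.h macro or None, decoded length, error) per block."""
    blocks, label, body = [], None, []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) == "BEGIN":
            if label is not None:  # previous block was never closed
                blocks.append(_block(label, body, "missing END line"))
            label, body = m.group(2), []
        elif m and label is not None:
            err = None if m.group(2) == label else "END label mismatch"
            blocks.append(_block(label, body, err))
            label = None
        elif label is not None:
            body.append(line.strip())
    if label is not None:
        blocks.append(_block(label, body, "missing END line"))
    return blocks
```

Legacy PEM blocks that carry encapsulated header lines before the base64 body are reported as "invalid base64" by this simplified scanner.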


